1. Method for remote message attestation in a communication system
    Type: Granted patent
    Legal status: In force

    Publication number: US07913086B2

    Publication date: 2011-03-22

    Application number: US11812635

    Filing date: 2007-06-20

    IPC classification: H04L29/06

    Abstract: The invention relates to a method for remote attestation. In the method, a first asymmetric key pair is created in a trusted platform module in an electronic device. The first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, the software platform state information, the first certificate and the second certificate are sent to a second electronic device.


2. CREDENTIAL TRANSFER
    Type: Patent application
    Legal status: Pending (published)

    Publication number: US20120239936A1

    Publication date: 2012-09-20

    Application number: US13513662

    Filing date: 2009-12-18

    IPC classification: G06F21/00 H04L9/32 H04L9/30

    Abstract: Methods and apparatus, including computer program products, are provided for credential transfer. In one aspect, a method is provided. The method may include receiving, at a first device, an authorization token; determining, at the first device, a delegation token, one or more credentials, and metadata; and providing, by the first device to a second device, the delegation token, the one or more credentials, and the metadata. Related apparatus, systems, methods, and articles are also described.


3. METHODS, APPARATUSES, AND COMPUTER PROGRAM PRODUCTS FOR AUTHENTICATION OF FRAGMENTS USING HASH TREES
    Type: Patent application
    Legal status: Lapsed

    Publication number: US20090164783A1

    Publication date: 2009-06-25

    Application number: US11961542

    Filing date: 2007-12-20

    IPC classification: H04L9/00

    CPC classification: H04L9/3236 H04L2209/80

    Abstract: An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments; send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments; and send one or more subsequent fragments accompanied by only some, but not all, of the hash tree nodes necessary to authenticate those subsequent fragments, the other nodes necessary for authentication not being sent because they were previously sent in conjunction with a prior fragment.


4. Methods, apparatuses, and computer program products for authentication of fragments using hash trees
    Type: Granted patent
    Legal status: Lapsed

    Publication number: US08352737B2

    Publication date: 2013-01-08

    Application number: US11961542

    Filing date: 2007-12-20

    IPC classification: H04L29/06

    CPC classification: H04L9/3236 H04L2209/80

    Abstract: An apparatus for authentication of fragments using hash trees may include a processor. The processor may be configured to provide one or more data fragments and a hash tree representing the one or more fragments; send at least one first fragment accompanied by any nodes of the hash tree necessary to authenticate the one or more first sent fragments; and send one or more subsequent fragments accompanied by only some, but not all, of the hash tree nodes necessary to authenticate those subsequent fragments, the other nodes necessary for authentication not being sent because they were previously sent in conjunction with a prior fragment.


5. Method and Apparatus to Provide Attestation with PCR Reuse and Existing Infrastructure
    Type: Patent application
    Legal status: Pending (published)

    Publication number: US20120324214A1

    Publication date: 2012-12-20

    Application number: US13579013

    Filing date: 2011-02-16

    IPC classification: G06F21/00

    Abstract: The exemplary embodiments of the invention provide at least a method, apparatus, and program of computer instructions to perform operations including: receiving a challenge from a prover device; reading and saving an old value of a selected platform configuration register; obtaining at least one measurement or property and forming a new platform configuration register value, where the forming includes calculating a cryptographic hash over the old value of the platform configuration register and the obtained at least one measurement or property; triggering, with the trusted software, an attestation by sending a challenge to a trusted platform module/mobile platform module; and sending, by the prover device, a device certificate, attestation, at least one measurement or property, and the old platform configuration register value to the verifier. Further, the exemplary embodiments of the invention teach sending a challenge to a trusted software of a prover device; receiving, by the verifier device, a device certificate, attestation, at least one measurement or property, and an old platform configuration register value from the prover device; checking, by the verifier device, that extending the old platform configuration register value with the at least one measurement or property results in a new platform configuration register value that has been attested; and using the new platform configuration register value in attestation of the prover device.


6. Method for remote message attestation in a communication system
    Type: Patent application
    Legal status: In force

    Publication number: US20080320308A1

    Publication date: 2008-12-25

    Application number: US11812635

    Filing date: 2007-06-20

    IPC classification: H04L9/32 H04L9/30

    Abstract: The invention relates to a method for remote attestation. In the method, a first asymmetric key pair is created in a trusted platform module in an electronic device. The first public key and software platform state information are certified with an attestation identity key associated with the trusted platform module to produce a first certificate. A second asymmetric key pair is produced in an application within the electronic device. The second public key is certified with said first secret key to produce a second certificate. A message is signed with the second secret key to provide a message signature in the first electronic device. The message and the message signature, the software platform state information, the first certificate and the second certificate are sent to a second electronic device.
